1

I found a tutorial for a mysqli and php login page to add to a website, i followed that tutorial step by step, spent at least 7 hours trying to figure out why it won't work, searching Google endlessly but nothing.

The code seems to be working but it seems two variables won't declare and it's skipping over them, I'll enter an email and password, hit log in, then ill get the notification 'Email or password are incorrect' the database is setup correctly and linked it just seems like it's one line of code and i can't figure it out.

Any input is welcome even if it's something basic, i am only learning this stuff hence the tutorial i was following, just want to know what is wrong and why.

Thanks.

Html Code

<!DOCTYPE html><?php session_start();?>

<html>

<head>

<title>Sign In</title>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="css/style.css"/>

</head>
<body>
<div id="container">

<header>

<a href="index.html"><img src="images/Header.jpg" alt="logo" /></a>

</header>


<header>
<a href="login.html"><img src="images/login.jpg" alt="login" /></a>
<a href="https://www.facebook.com/ArcticMonkeys"><img src="images/Facebook.jpg" alt="FB" /></a>
<a href="https://twitter.com/arcticmonkeys"><img src="images/Twitter.jpg" alt="Twitter" /></a>

</header>

<div class="menu">
<div align="center">
<ul class="list">
    <li class="item"><a href="index.html">Home</a>
    <li class="item"><a href="gallery.html">Gallery</a>
    <li class="item"><a href="videos.html">Videos</a>
    <li class="item"><a href="discography.html">Discography</a>
    <li class="item"><a href="register.html">Register</a>

     <li class="item"><a href="#">About</a>
        <ul class="list">
            <li><a href="alex.html">Alex Turner</a></li>
            <li class="list">
                <a href="matt.html">Matt Helders</a>
                <ul class="list">
                    <a href="jamie.html">Jamie Cook</a>
                    <ul class="list">
                        <a href="nick.html">Nick O'Malley</a>
                        <ul class="list">
                            <a href="andy.html">Andy Nicholson</a>
                            <ul class="list">
                        </ul>
            </li>


</div>
</div>


<div align="center"><BR><BR><BR><BR>
<body id="body-color"> 

<div id="Sign-In"> 




</head>

<form action="login.php" method="post">

<table width="500" align="center">

<tr align="center">

<td colspan="3"><h2>User Login</h2></td>

</tr>

<tr>

<td align="right"><b>Email</b></td>

<td><input type="text" name="email" required="required"/></td>

</tr>

<tr>

<td align="right"><b>Password:</b></td>

<td><input type="password" name="pass" required="required"></td>

</tr>

<tr align="center">

<td colspan="3">

<input type="submit" name="login" value="Login"/>


</td>

</tr>

</table>

</form>

<br><br>
<br><br>

<H3>If you do not have an account please register <a href="register.html">HERE</a><br>otherwise access is restricted to member pages<h3>

</div> 

</body> 

</html>

Here's the php code

<!DOCTYPE html><?php session_start();?>
//Forgot this line when first posting //
<?php

// establishing the MySQLi connection



$con = mysqli_connect("localhost","root","","info");

if (mysqli_connect_errno())

{

echo "MySQLi Connection was not established: " . mysqli_connect_error();

}

// checking the user

if(isset($_POST['login'])){

$email = mysqli_real_escape_string($con,$_POST['email']);

$pass = mysqli_real_escape_string($con,$_POST['pass']);

$sel_user = ("select * from users where user_email='$email' AND user_pass='$pass'");  
//This is where i think my problem is,  $email and $pass are highlighted grey
instead of how normally declared variables would look. //

$run_user = mysqli_query($con, $sel_user);

$check_user = mysqli_num_rows($run_user);

if($check_user>0){

$_SESSION['user_email']=$email;

echo "<script>window.open('home.php','_self')</script>";

}

else {

echo "<script>alert('Email or password is not correct, try again!')</script>";

}

}

?>

Here is a link to screenshots they might give more clarity [http://imgur.com/bX6HSmD,qFvyTGK,xEEiBi6,yAEvqAR,OdgRYFZ,U48OWkh]

Improve this question
20
  • 1
    Danger: "Not hashing at all" is an unsuitable hashing algorithm; you need to take better care of your users' passwords. Commented Aug 7, 2015 at 10:59
  • 1
    @Quentin I can't get over how all the answers (so far) aren't paying attention to code flow. I voted to close as unclear, as stated above. Commented Aug 7, 2015 at 11:18
  • 1
    Add error reporting to the top of your file(s) right after your opening PHP tag for example <?php error_reporting(E_ALL); ini_set('display_errors', 1); then the rest of your code, to see if it yields anything, as well as or die(mysqli_error($con)) to mysqli_query(). Commented Aug 7, 2015 at 11:31
  • 1
    @Fred-ii- — It would, but not enough to make the if statement go down the wrong branch. Commented Aug 7, 2015 at 11:31
  • 1
    At the moment, my best guess is that the email address and password being entered aren't actually in the database table. Commented Aug 7, 2015 at 11:39

3 Answers 3

Reset to default
5

Your screenshot's password column is user_password but your column is user_pass in your query.

AND user_pass='$pass'
    ^^^^^^^^^

Having checked for errors would have signaled that, unknown column.

As I mentioned in comments to add or die(mysqli_error($con)) to mysqli_query().

enter image description here

Edit:

It has been mentioned but I am including this here, should some of those comments get deleted in regards to password storage and prepared statements.

Since you appear to be new at this, it's good to start learning about using proper hashing and safe queries.

Storing passwords in plain text isn't safe, not for online use anyway or should anyone hack into your own PC; it is highly discouraged.

I recommend you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.

Plus, in regards to SQL injection, use mysqli with prepared statements, or PDO with prepared statements, they're much safer.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

that fixed everything, working perfectly now. will remember to add that in next time, thank you so much! greatly appreciated!
@RyanOBhaoil You're welcome Ryan. Lordie, I'm glad this one got resolved, cheers
Two days trying to figure it out and it was something so simple haha! life saver
@RyanOBhaoil I know the feeling. I'm working on something right now, and I'm 3 days into; and counting. Looking for the dimmest of light to start appearing at the end of the tunnel.
Good luck, im sure you'll find it, cheers for the input on this again!
|
-1

use if(session_id() == "") {session_start();} at the top of the page, anything before

Improve this answer

2 Comments

Try to change your code $sel_user = ("select * from users where user_email='$email' AND user_pass='$pass'"); by echo $sel_user = "select * from users where user_email='$email' AND user_pass='$pass'"; And test your select in phpmyadmin ?
I have <!DOCTYPE html><?php session_start();?> at the top of the page, i replaced the code with yours and it's still the same, just going straight to the last echo 'wrong email or password' it still looks like $email and $pass aren't properly declared as well [imgur.com/kmVKrga]
-1

You need to start a session in all your PHP Scripts which use sessions. Use: session_start();before calling $_SESSION and then set the $_SESSION with the desired value.

Improve this answer

4 Comments

I have that in it, missed it when i was c&p was at the very top, sorry problem is fixed now in the original post.
$_SESSION isn't being touched. The if branch with it is isn't touched.
Is echo "<script>window.open('home.php','_self')</script>"; executing at least?
@ProtectedVoid — Of course it isn't. The question says that echo "<script>alert('Email or password is not correct, try again!')</script>"; is executing.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.